package com.zoe.sec02.controller;

import org.springframework.security.access.prepost.PreAuthorize;
import org.springframework.stereotype.Controller;
import org.springframework.web.bind.annotation.PostMapping;

/**
 * @Author Zoe
 * @Date: 2021/03/29
 * @Description
 */
@Controller
public class LoginController {
    @PostMapping("/toMain")
    //  基于用户的角色来控制，需要开启全局安全控制 @EnableGlobalMethodSecurity(securedEnabled = true)
    // @Secured("ROLE_admin")
    // 基于access表达式来控制，需要开启全局安全控制  @EnableGlobalMethodSecurity(prePostEnabled = true)
    @PreAuthorize("hasRole('admin')")
    public String main(){
        return "redirect:main.html";
    }
    @PostMapping("/toError")
    public String error(){
        return "redirect:error.html";
    }
}
